So, I have about a thousand ways to index logs from a Docker container, but what I'm looking for is some kind of best practice for getting logs from a Docker container into Splunk.
None of the solutions I've come up with are elegant and I don't really like them. Anyone out there using Docker and Splunk? If so, how are you accomplishing it? Mounting a volume for the container to write logs and then using Splunk on the Docker host? Writing all logs to stdout and forwarding that to a syslog server that's running a Splunk Forwarder? Running a Splunk Forwarder inside the container? Something else?
Help me find a best practice way to do this!